# Meeting Notes: Self-Hosted Photo Library **Date:** July 16, 2026 **Time:** 2:00–2:45 PM ET **Location:** Video call **Facilitator:** Maya Chen **Note-taker:** Daniel Ruiz ## Attendees - Maya Chen — Product Owner - Daniel Ruiz — Infrastructure - Priya Shah — Security and Privacy - Leo Martin — Application Development - Hannah Brooks — Design and User Research - Omar Haddad — Support and Operations ## Agenda 1. Review goals and current prototype 2. Select the hosting and storage approach 3. Discuss photo import, organization, and search 4. Define backup and recovery requirements 5. Review access control and external sharing 6. Agree on MVP scope and next steps ## Discussion Notes - The library is intended to replace consumer cloud photo storage for the team’s households while preserving full ownership of original files and metadata. - The prototype successfully imports JPEG, PNG, HEIC, and common RAW formats. Video transcoding is functional but resource-intensive. - Automatic timeline grouping and metadata-based search are stable. Face recognition and location enrichment require additional privacy controls. - Mobile uploads need to tolerate interrupted connections and avoid duplicate files. The team agreed that background synchronization reliability is more important than real-time uploads for the first release. - The initial deployment will use a single application server with attached storage. Components should remain containerized so the database, workers, and storage can be moved independently later. - Originals must remain unmodified. Rotations, crops, thumbnails, and transcoded videos will be stored as derived assets. - A local backup alone is insufficient. The recovery plan will include encrypted off-site copies and periodic restore tests. - Public sharing links are useful but increase exposure. Links should support expiration dates, optional passwords, and manual revocation. - Priya noted that face recognition should be disabled by default and processed locally when enabled. No biometric data should leave the deployment. - Omar requested an admin dashboard showing failed imports, storage usage, backup status, and background-job health. ## Decisions - Use a containerized deployment on Linux, with PostgreSQL for application data and the filesystem for original and derived media. - Store originals in a documented, human-readable directory structure that remains usable without the application. - Compute checksums during import and use them as the primary duplicate-detection mechanism. - Preserve embedded metadata and sidecar files; never overwrite original media. - Include automatic mobile uploads, timeline browsing, albums, metadata search, and controlled sharing in the MVP. - Defer advanced photo editing, collaborative album comments, and cloud-storage federation until after the MVP. - Keep face recognition disabled by default. When enabled, all processing and model storage must remain local. - Require encrypted off-site backups, daily incremental backups, monthly restore tests, and a written disaster-recovery procedure. - Sharing links will expire after seven days by default and may be password-protected or revoked early. - The initial service-level target is recovery within 24 hours with no more than 24 hours of data loss. ## Action Items - [ ] Leo: Document the proposed media directory layout and import pipeline by July 20. - [ ] Daniel: Produce a deployment diagram and hardware-sizing estimate for libraries of 1 TB, 5 TB, and 20 TB by July 22. - [ ] Priya: Draft the privacy threat model, including face recognition, EXIF location data, and public sharing links, by July 24. - [ ] Hannah: Test the mobile upload and timeline flows with five users and summarize usability issues by July 29. - [ ] Omar: Define monitoring alerts for failed imports, low disk space, backup failures, and stalled background jobs by July 23. - [ ] Daniel and Priya: Run an encrypted off-site backup and full restore exercise by August 3. - [ ] Maya: Convert the agreed MVP scope into prioritized acceptance criteria before the next planning session. - [ ] Leo: Prototype expiring, password-protected sharing links and demonstrate revocation at the next meeting. ## Open Questions - Should the first release support multiple independent libraries within one deployment? - How should edits made in external desktop applications be detected and reconciled? - Is GPU acceleration necessary for the expected video and machine-learning workload? - What retention period should apply to deleted photos and revoked shares? ## Next Meeting **Date:** July 30, 2026 **Focus:** MVP acceptance criteria, deployment sizing, and privacy review